+
+ |
+ Responder |
+
+
+ | Initiator |
+ DisplayOnly |
+ DisplayYesNo |
+ KeyboardOnly |
+ NoInputNoOutput |
+
+
+ | DisplayOnly |
+ Just Works
Unauthenticated |
+ Just Works
Unauthenticated |
+ Passkey Entry
Authenticated |
+ Just Works
Unauthenticated |
+
+
+ | DisplayYesNo |
+ Just Works
Unauthenticated |
+ Numeric Comparison
Authenticated |
+ Passkey Entry
Authenticated |
+ Just Works
Unauthenticated |
+
+
+ | KeyboardOnly |
+ Passkey Entry
Authenticated |
+ Passkey Entry
Authenticated |
+ Passkey Entry(both need enter)
Authenticated |
+ Just Works
Unauthenticated |
+
+
+ | NoInputNoOutput |
+ Just Works
Unauthenticated |
+ Just Works
Unauthenticated |
+ Just Works
Unauthenticated |
+ Just Works
Unauthenticated |
+
+
+
+*Table 5 IO Capability and Authentication Procedure Mapping*
+
+## Security Mask
+Security Mask has two function. First, to decide whether or not required MITM protection for Authentication_Requirements parameter. Second, to set the security level for authentication stage. On ESP32, the Security Masks for A2DP and HFP are hard coded with `BTA_SEC_AUTHENTICATE` and `(BTA_SEC_AUTHENTICATE|BTA_SEC_ENCRYPT)`. The following table shows `sec_mask` value for SPP and its definition in BTA layer of ESP32 Bluetooth stack.
+
+| SPP sec_mask | BTA layer sec_mask | value | Description |
+| -------------------------- | ---------------------- | ------ | ----------------------------------------------------------------------------------------- |
+| `ESP_SPP_SEC_NONE` | `BTA_SEC_NONE` | 0x0000 | No security |
+| `ESP_SPP_SEC_AUTHORIZE` | `BTA_SEC_AUTHORIZE` | 0x0001 | Authorization required (only needed for out going connection)
+
+ | Security Level Required for Service |
+ Link Key type required for remote devices |
+ Comments |
+ IO Capability & Security Mask Setting |
+
+
+ Level 4(not support)
* MITM protection required
* Encryption required
* User interaction acceptable |
+ Authenticated (P-256 based Secure Simple Pairing and Secure Authentication) |
+ Highest Security Only possible when both devices support Secure Connections |
+ / |
+
+
+ Level 3
* MITM protection required
* Encryption required
* User interaction acceptable |
+ Authenticated |
+ High Security |
+ IO: >= DisplayYesNo
Mask: ESP_SPP_SEC_MITM | BTA_SEC_ENCRYPT |
+
+
+ Level 2
* MITM protection not necessary
* Encryption desired |
+ Unauthenticated |
+ Medium Security |
+ IO: >= DisplayYesNo
Mask: BTA_SEC_ENCRYPT |
+
+
+ Level 1
* MITM protection not necessary
* Encryption desired
* Minimal user interaction desired |
+ Unauthenticated |
+ Low Security |
+ IO: >= NoInputNoOutput
Mask: BTA_SEC_ENCRYPT |
+
+
+ Level 0
* MITM protection not necessary
* Encryption not necessary
* No user interaction desired |
+ None |
+ Permitted only for SDP and service data sent via either L2CAP fixed signaling channels or the L2CAP connectionless channel to PSMs that correspond to service class UUIDs which are allowed to utilize Level 0. |
+ / |
+
+
+
+*Table 7 Security Mode 4 Security Level mapping to link key requirements*
+
+**Note**: Security Mode 4 always requires **authentication** and **encryption** over establishment of L2CAP connection on ESP32.
+
+
+ESP32 Secure Simple Pairing performs legacy authentication which means mutual authentication is achieved by first performing the authentication procedure in one direction and then immediately performing the authentication procedure in the opposite direction. So, when the initiator does not require MITM protection, the generated link key type in this direction is unauthenticated. In other direction, if the responder need MITM protection and have the `sec_mask` of `ESP_SPP_SEC_AUTHENTICATE`, then the unauthenticated link key will be regenerated and upgraded to an authenticated one. Each time the link key is regenerated, user will receive a `ESP_BT_GAP_AUTH_CMPL_EVT` event.
diff --git a/examples/bluetooth/bluedroid/classic_bt/bt_spp_acceptor/README.md b/examples/bluetooth/bluedroid/classic_bt/bt_spp_acceptor/README.md
new file mode 100644
index 0000000000..5bc9621305
--- /dev/null
+++ b/examples/bluetooth/bluedroid/classic_bt/bt_spp_acceptor/README.md
@@ -0,0 +1,52 @@
+| Supported Targets | ESP32 |
+| ----------------- | ----- |
+
+## ESP-IDF BT-SPP-ACCEPTOR demo
+
+This is the demo for user to use ESP_APIs to create a **Serial Port Protocol** (**SPP**) acceptor and we aggregate **Secure Simple Pair** (**SSP**) into this demo to show how to use SPP when creating your own APPs.
+
+## How to use example
+
+### Hardware Required
+
+This example is designed to run on commonly available ESP32 development board, e.g. ESP32-DevKitC.
+
+To operate it should be connected to an SPP Initiator running on a smartphone or on another ESP32 development board.
+
+### Configure the project
+
+```
+idf.py menuconfig
+```
+
+In `menuconfig` path: `Coponent config --> Bluetooth--> Bluedroid Options --> SPP` and `Coponent config --> Bluetooth--> Bluedroid Options --> Secure Simple Pair`.
+
+### Build and Flash
+
+Build the project and flash it to the board, then run monitor tool to view serial output:
+
+```
+idf.py -p PORT flash monitor
+```
+
+(Replace PORT with the name of the serial port to use.)
+
+(To exit the serial monitor, type ``Ctrl-]``.)
+
+See the [Getting Started Guide](https://docs.espressif.com/projects/esp-idf/en/latest/get-started/index.html) for full steps to configure and use ESP-IDF to build projects.
+
+## Example Description
+
+After the program started, `bt_spp_initator` will connect it and send data.
+
+## Trouble shooting
+
+- Acceptor is expected to start before `bt_spp_initator` start.
+
+- To see the information of data, users shall set `SPP_SHOW_MODE` as `SPP_SHOW_DATA` or `SPP_SHOW_SPEED` in code(should be same with `bt_spp_initator`).
+
+- We also show the Security Simple Pair in this SPP demo. Users can set the IO Capability and Security Mode for their device (security level is fixed level 4). The default security mode of this demo is `ESP_SPP_SEC_AUTHENTICATE` which support MITM (Man In The Middle) protection. For more information about Security Simple Pair on ESP32, please refer to [ESP32_SSP](./ESP32_SSP.md).
+
+## FAQ
+Q: How many SPP servers does ESP32 support?
+A: For now, the maximum number of SPP servers is 6, which is limited by the maximum number of SDP records. When the SPP server is successfully started, the unique SCN (Server Channel Number) will be mapped to the SPP server.
diff --git a/examples/bluetooth/bluedroid/classic_bt/bt_spp_acceptor/README.rst b/examples/bluetooth/bluedroid/classic_bt/bt_spp_acceptor/README.rst
deleted file mode 100644
index 4fbc883033..0000000000
--- a/examples/bluetooth/bluedroid/classic_bt/bt_spp_acceptor/README.rst
+++ /dev/null
@@ -1,20 +0,0 @@
-================= =====
-Supported Targets ESP32
-================= =====
-
-ESP-IDF BT-SPP-ACCEPTOR demo
-======================
-
-Demo of SPP acceptor role
-
-This is the demo for user to use ESP_APIs to create a SPP acceptor.
-
-Options choose step:
- 1. idf.py menuconfig.
- 2. enter menuconfig "Component config", choose "Bluetooth"
- 3. enter menu Bluetooth, choose "Classic Bluetooth" and "SPP Profile"
- 4. choose your options.
-
-Then set SPP_SHOW_MODE as SPP_SHOW_DATA or SPP_SHOW_SPEED in code(should be same with bt_spp_initator).
-
-After the program started, bt_spp_initator will connect it and send data.
diff --git a/examples/bluetooth/bluedroid/classic_bt/bt_spp_initiator/README.md b/examples/bluetooth/bluedroid/classic_bt/bt_spp_initiator/README.md
new file mode 100644
index 0000000000..34dcbbf59e
--- /dev/null
+++ b/examples/bluetooth/bluedroid/classic_bt/bt_spp_initiator/README.md
@@ -0,0 +1,54 @@
+| Supported Targets | ESP32 |
+| ----------------- | ----- |
+
+# ESP-IDF BT-SPP-INITATOR demo
+
+This is the demo for user to use ESP_APIs to create a **Serial Port Protocol** (**SPP**) initiator and we aggregate **Secure Simple Pair** (**SSP**) into this demo to show how to use SPP when creating your own APPs.
+
+## How to use example
+
+### Hardware Required
+
+This example is designed to run on commonly available ESP32 development board, e.g. ESP32-DevKitC. To operate it should be connected to an SPP Acceptor running on another device.
+
+### Configure the project
+
+```
+idf.py menuconfig
+```
+
+In `menuconfig` path: `Coponent config --> Bluetooth--> Bluedroid Options --> SPP` and `Coponent config --> Bluetooth--> Bluedroid Options --> Secure Simple Pair`.
+
+### Build and Flash
+
+Build the project and flash it to the board, then run monitor tool to view serial output:
+
+```
+idf.py -p PORT flash monitor
+```
+
+(Replace PORT with the name of the serial port to use.)
+
+(To exit the serial monitor, type ``Ctrl-]``.)
+
+See the [Getting Started Guide](https://docs.espressif.com/projects/esp-idf/en/latest/get-started/index.html) for full steps to configure and use ESP-IDF to build projects.
+
+## Troubleshouting
+
+- Set `SPP_SHOW_MODE` as `SPP_SHOW_DATA` or `SPP_SHOW_SPEED` in code (should be same with bt_spp_acceptor).
+
+- After the program started, It will connect to bt_spp_acceptor and send data.
+
+- We haven't do the same update to `bt_acceptor_demo` for the sake of reducing the size of ESP_IDF, but transplanting of input module is supported.
+
+- We also show the Security Simple Pair in this SPP demo. Users can set the IO Capability and Security Mode for their device (security level is fixed level 4). The default security mode of this demo is `ESP_SPP_SEC_AUTHENTICATE` which support MITM (Man In The Middle) protection. For more information about Security Simple Pair on ESP32, please refer to [ESP32_SSP](../bt_spp_acceptor/ESP32_SSP.md).
+
+## FAQ
+Q: How can we reach the maximum throughput when using SPP?
+A: The default MTU size of classic Bluetooth SPP on ESP32 is 990 bytes, and higher throughput can be achieved in the case that data chunck size is close to the MTU size or multiple of MTU size. For example, sending 100 bytes data per second is much better than sending 10 bytes every 100 milliseconds.
+
+Q: What is the difference between the event `ESP_SPP_CONG_EVT` and the parameter `cong` of the event `ESP_SPP_WRITE_EVT`?
+A: The event `ESP_SPP_CONG_EVT` shows the changing status from `congest` to `uncongest`, or form `uncongest` to `congest`. Congestion can have many causes, such as using out of the credit which is sent by peer, reaching the high watermark of the Tx buffer, the congestion at Bluetooth L2CAP layer and so on. The parameter `cong` of the event `ESP_SPP_WRITE_EVT` shows a snapshot of the state of the flow control manager after the write operation is completed. The user needs to carefully consider retransmitting or continuing to write according to these two events. The ESP32 offers an VFS mode of SPP which hides the details of retransmitting, but it will block the caller and is not more efficient than the callback mode.
+
+Q: How many SPP clients does ESP32 support?
+A: The ESP32 supports maximum 8 SPP clients, which including virtual SPP connections. Virtual SPP connection means that SPP clients can connect to the different SPP servers running on the same peer device. However the number of SPP clients (excluding virtual connections) shall not exceed the number of Bluetooth ACL connections.
diff --git a/examples/bluetooth/bluedroid/classic_bt/bt_spp_initiator/README.rst b/examples/bluetooth/bluedroid/classic_bt/bt_spp_initiator/README.rst
deleted file mode 100644
index 543f43faec..0000000000
--- a/examples/bluetooth/bluedroid/classic_bt/bt_spp_initiator/README.rst
+++ /dev/null
@@ -1,20 +0,0 @@
-================= =====
-Supported Targets ESP32
-================= =====
-
-ESP-IDF BT-SPP-INITATOR demo
-======================
-
-Demo of SPP initator role
-
-This is the demo for user to use ESP_APIs to create a SPP initator.
-
-Options choose step:
- 1. idf.py menuconfig.
- 2. enter menuconfig "Component config", choose "Bluetooth"
- 3. enter menu Bluetooth, choose "Classic Bluetooth" and "SPP Profile"
- 4. choose your options.
-
-Then set SPP_SHOW_MODE as SPP_SHOW_DATA or SPP_SHOW_SPEED in code(should be same with bt_spp_acceptor).
-
-After the program started, It will connect to bt_spp_acceptor and send data.